| Название | SourceCodester Pizzafy Ecommerce System 1.0 SQL Injection |
|---|
| Описание | Title: Pizzafy Ecommerce System 1.0
Vulnerability Type: SQL Injection (Based Error)
Severity: HIGH
Status: Unpatched
Description:
A Error-based SQL Injection vulnerability was discovered in the DELETE functionality of the Pizzafy Ecommerce System.
This vulnerability occurs because the id parameter and id column is not properly sanitized, allowing an attacker to inject malicious SQL commands into the backend database query.
Affected Version: 1.0
Endpoint or parameter vulnerable: admin/ajax.php?action=delete_category
PoC:
id=4'
References:
https://www.sourcecodester.com/php/18708/pizzafy-ecommerce-system.html |
|---|
| Источник | ⚠️ https://github.com/fernando-mengali/vulndb-submissions/blob/main/11-vul-SQLI.md |
|---|
| Пользователь | Fernando Mengali (UID 83791) |
|---|
| Представление | 10.04.2026 21:34 (2 месяцы назад) |
|---|
| Модерация | 28.04.2026 12:26 (18 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 359953 [SourceCodester Pizzafy Ecommerce System 1.0 ajax.php?action=delete_category ИД SQL-инъекция] |
|---|
| Баллы | 20 |
|---|